List of Volatility Plugins

The Volatility Framework was designed to be expanded by plugins. Here is a list of the published plugins for the framework. Note that these plugins are not hosted on the wiki, but all on external sites.

getsids (By Moyix) - Get information about what user (SID) started a process.

ssdt (By Moyix) - List entries in the system call table. Can be used to detect certain rootkits that hook system calls by replacing entries in this table.

threadqueues (By Moyix) - Enumerates window messages pending for each thread on the system. Window messages are the mechanism used to send things like button presses, mouse clicks, and other events to GUI programs.

objtypescan (By Andreas Schuster) - Lists open files by enumerating the _FILE_OBJECT structure. (Note: If running the SVN version of Volatility, just install the plugin file from this archive)